Introduction
There are two issues when compiling on AIX systems that can be worked
around using the proper configure command lines.
One problem involves the less than optimal default shared object search
path that the IBM linker inserts into executables. The second problem is
compilaton failure stemming from an incompatibility with the
<string.h>
header file when the IBM compiler attempts to
inline some string functions.
Executive Summary
If you are using the IBM xlc/cc compiler with the IBM ld linker:
% env CC=cc \ CPPFLAGS='-U__STR__' \ LDFLAGS='-blibpath:/usr/lib:/lib:/usr/local/lib' \ ./configure ...If you are using the GNU gcc compiler with the IBM ld linker:
% env CC=gcc \ LDFLAGS='-Wl,-blibpath:/usr/lib:/lib:/usr/local/lib' \ ./configure ...If you are using the GNU gcc compiler with the GNU ld linker, something like this ought to work (untested):
% env CC=gcc \ LDFLAGS='-Wl,-rpath,/usr/lib,-rpath,/lib,-rpath,/usr/local/lib' \ ./configure ...
Note that the library paths shown here are for example use only. You may need to use different paths on your system, particularly when linking with any optional libraries (e.g. krb5, ldap, mysql, etc.).
Linking with the IBM or GNU linker
There is a potential security problem when using the IBM linker.
Unlike other Unix systems, by default the IBM linker automatically will
use the compile time library search path as the runtime shared library
search path. The use of relative paths in the runtime library search
path is an especially acute security problem for suid or sgid programs.
This default behavior is documented, so it is not considered a bug by IBM.
However, some suid programs that have shipped with AIX have included insecure
library search paths and are vulnerable to privilege elevation exploits.
This may not be such a serious a security problem for ProFTPD, since it is not installed suid or sgid. Nonetheless, it is wise to configure the runtime shared library search path with a reasonable setting. For instance, consider potential problems from searching NFS mounted directories.
An existing AIX executable's library search path can be displayed:
% dump -H progname
The runtime library search patch should be specified explicitly at build time using the -blibpath option:
% cc -blibpath:/usr/lib:/lib:/usr/local/lib % gcc -Wl,-blibpath:/usr/lib:/lib:/usr/local/lib
See the ld documentation, not just that of xlc/cc, for further information
on the IBM linker flags. Alternatively, an insecure library search path
can be avoided using -bnolibpath
, which causes the default path
to be used (either the value of the LIBPATH
environment variable,
if defined, or /usr/lib:/lib
, if not).
It has been reported that at least some versions of GNU ld (e.g. 2.9.1)
have emulated this default linking behavior on AIX platforms. However,
GNU ld uses -rpath
to set the runtime library search path,
rather than the IBM ld -blibpath
or the Sun ld -R
options:
% gcc -Wl,-rpath,/usr/lib,-rpath,/lib,-rpath,/usr/local/lib
Again, consult the GNU ld documentation for further information. Note that using the gcc compiler does not imply that it uses the GNU ld linker. In fact, it is more common to use the IBM system linker.
The upshot of all this is that you should tell configure what to use
for the runtime shared library search path. This can be done by setting
LDFLAGS
on the configure command line, possibly like this:
% env CC=cc LDFLAGS='-blibpath:/usr/lib:/lib:/usr/local/lib' \ ./configure ... % env CC=gcc LDFLAGS='-Wl,-blibpath:/usr/lib:/lib:/usr/local/lib' \ ./configure ...
where the "-l" options refer to shared libraries, which can be determined from the output of:
% dump -Hv progname
which displays shared library information. A basic proftpd executable probably will not require any "-l" options at all.
Compiling with the IBM xlc/cc
compiler
There is a problem with the index
and rindex
macros
defined in <cstring.h>
. Apparently, these are used as part
of an attempt to inline string functions when the __STR__
C
preprocessor macro is defined. Conflicts with these definitions will cause
compilation failures.
The work-around is to undefine the __STR__
C preprocessor macro,
which is predefined by the IBM compiler. This can be done on the configure
command line by adding '-U__STR__'
to the CPPFLAGS
variable:
% env CC=cc CPPFLAGS='-U__STR__' ./configure ...